US12101355B2ActiveUtilityA1

Secure VSAN cluster using device authentication and integrity measurements

62
Assignee: DELL PRODUCTS LPPriority: Jul 26, 2021Filed: Jul 26, 2021Granted: Sep 24, 2024
Est. expiryJul 26, 2041(~15 yrs left)· nominal 20-yr term from priority
G06F 9/541G06F 13/102H04L 67/1097H04L 63/08H04L 63/20
62
PatentIndex Score
0
Cited by
5
References
20
Claims

Abstract

A node for a VSAN includes a BMC, a processor, and a plurality of VSAN objects. The processor instantiates a Cluster Membership, Monitoring, and Directory Service (CMMDS) and a BMC Service Module (SM). The CMMDS implements a Security Policy and Data Model (SPDM) architecture. The CMMDS determines an inventory list of the VSAN objects and a SPDM authentication state for each of the objects, and provides the inventory list and the SPDM authentication states to the BMC SM. The BMC SM provides the inventory list and the SPDM authentication state to the BMC. The BMC determines that a first VSAN object is not authenticated based upon the SPDM authentication state of the first VSAN object, and directs the CMMDS to halt input/output (I/O) operations on the VSAN to the first VSAN object.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A node for a virtual storage area network (VSAN), comprising:
 a Baseboard Management Controller (BMC) configured to provide a management environment on the node; 
 a hardware processor configured to provide a host environment on the node, the host environment to provide a cluster membership, monitoring, and directory service (CMMDS) and a BMC service module (SM), the CMMDS configured to implement a security policy and data model (SPDM) architecture, the BMC SM configured to provide communication between the host environment and the management environment; and 
 a plurality of VSAN objects; 
 wherein: 
 the BMC operates to determine an inventory list of the VSAN objects, to determine a SPDM authentication state for each of the objects, and provide the inventory list and the SPDM authentication state to the BMC SM; 
 the BMC SM operates to provide the SPDM authentication states to the CMMDS; and 
 the BMC further operates to determine that a first one of the VSAN objects is not authenticated based upon a SPDM authentication state of the first VSAN object from the SPDM authentication states, and to direct the CMMDS to halt input/output (I/O) operations on the VSAN to the first VSAN object via the BMC SM based on the determination that the first one of the VSAN object is not authenticated. 
 
     
     
       2. The node of  claim 1 , wherein the BMC further operates to create an inventory table including the VSAN objects and the associated SPDM authentication state for each VSAN object. 
     
     
       3. The node of  claim 2 , wherein the BMC further operates to send the inventory table to a management system of the management environment. 
     
     
       4. The node of  claim 1 , wherein the CMMDS further halts the I/O operations on the node in response to receiving the direction to halt the I/O operations on the first VSAN object. 
     
     
       5. The node of  claim 1 , wherein the CMMDS further halts the I/O operations on the first VSAN object in response to receiving the direction to halt the I/O operations on the first VSAN object. 
     
     
       6. The node of  claim 1 , wherein the CMMDS is a master CMMDS, and the CMMDS further receives a first indication from an agent CMMDS of another node of the VSAN, the first indication identifying a second VSAN object of the other node that is not authenticated based upon a SPDM authentication state of the second object. 
     
     
       7. The node of  claim 6 , wherein the CMMDS further provides a second indication to a VSAN cluster manager, the second indication indicating that the first VSAN object and the second VSAN object are not authenticated. 
     
     
       8. The node of  claim 1 , wherein the host environment is further to provide an Application Programming Interface (API) between the CMMDS and the BMC SM. 
     
     
       9. The node of  claim 8 , wherein the API operates to halt the I/O operations on the first VSAN object in response to receiving the direction to halt the I/O operations on the first VSAN object. 
     
     
       10. The node of  claim 1 , wherein the VSAN objects include one of a data storage device, a Host Bus Adapter (HBA), and a network controller. 
     
     
       11. A method, comprising:
 providing, on a node for a Virtual Storage Area Network (VSAN), a Baseboard Management Controller (BMC) configured to provide a management environment on the node; 
 providing, on the node, a processor configured to provide a host environment on the node, the host environment to provide a Cluster Membership, Monitoring, and Directory Service (CMMDS) and a BMC Service Module (SM), the CMMDS configured to implement a Security Policy and Data Model (SPDM) architecture, the BMC SM configured to provide communication between the host environment and the management environment; 
 determining, by the BMC, an inventory list of a plurality of VSAN objects on the node; 
 determining, by the BMC, an SPDM authentication state for each of the objects; 
 providing, by the BMC, the inventory list and the SPDM authentication states to the BMC SM; 
 determining, by the BMC, that a first one of the VSAN objects is not authenticated based upon a SPDM authentication state of the first VSAN object from the SPDM authentication states; and 
 directing the CMMDS to halt input/output (I/O) operations on the VSAN to the first VSAN object based on the determination that the first one of the VSAN objects is not authenticated. 
 
     
     
       12. The method of  claim 11 , further comprising creating an inventory table including the VSAN objects and the associated SPDM authentication state for each VSAN object. 
     
     
       13. The method of  claim 12 , further comprising sending the inventory table to a management system of the management environment. 
     
     
       14. The method of  claim 11 , further comprising halting the I/O operations on the node in response to receiving the direction to halt the I/O operations on the first VSAN object. 
     
     
       15. The method of  claim 11 , further comprising halting the I/O operations on the first VSAN object in response to receiving the direction to halt the I/O operations on the first VSAN object. 
     
     
       16. The method of  claim 11 , wherein the CMMDS is a master CMMDS, the method further comprising receiving a first indication from an agent CMMDS of another node of the VSAN, the first indication identifying a second VSAN object of the other node that is not authenticated based upon a SPDM authentication state of the second object. 
     
     
       17. The method of  claim 11 , further comprising receiving a second indication to a VSAN cluster manager, the second indication indicating that the first VSAN object and the second VSAN object are not authenticated. 
     
     
       18. The method of  claim 11 , further comprising providing an application programming interface (API) between the CMMDS and the BMC SM. 
     
     
       19. The method of  claim 18 , further comprising halting, by the API, the I/O operations on the first VSAN object in response to receiving the direction to halt the I/O operations on the first VSAN object. 
     
     
       20. A virtual storage area network (VSAN), comprising:
 a VSAN cluster manager; 
 a first node; and 
 a second node: 
 the first node including:
 a plurality of VSAN objects; 
 a Baseboard Management Controller (BMC) configured to provide a management environment on the node, and to determine an inventory list of the VSAN objects; and 
 
 a hardware processor configured to provide a host environment on the node, the host environment to provide a cluster membership, monitoring, and directory service (CMMDS) and a BMC service module (SM), the CMMDS configured to implement a security policy and data model (SPDM) architecture, the BMC SM configured to provide communication between the host environment and the management environment; 
 wherein: 
 the CMMDS is a master CMMDS; 
 the BMC operates to determine an SPDM authentication state for each of the objects, to provide the SPDM authentication states to the BMC SM, to determine that a first one of the VSAN objects is not authenticated based upon a SPDM authentication state of the first VSAN object from the SPDM authentication states, and to direct the CMMDS to halt input/output (I/O) operations on the VSAN to the first VSAN object via the BMC SM based on the determination that the first one of the VSAN objects is not authenticated; and 
 the CMMDS further receives a first indication from an agent CMMDS of the second node, the first indication identifying a second VSAN object of the second node that is not authenticated based upon the SPDM authentication state of the second VSAN object from the SPDM authentication states, and provides a second indication to the VSAN cluster manager, the second indication indicating that the first VSAN object and the second VSAN object are not authenticated.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.